15 OAuth 2: Using JWT and cryptographic signatures

 

This chapter covers

  • Validating tokens using cryptographic signatures
  • Using JSON Web Tokens in the OAuth 2 architecture
  • Signing tokens with symmetric and asymmetric keys
  • Adding custom details to a JWT

In this chapter, we’ll discuss using JSON Web Tokens (JWTs) for token implementation. You learned in chapter 14 that the resource server needs to validate tokens issued by the authorization server. And I told you three ways to do this:

  • Using direct calls between the resource server and the authorization server, which we implemented in section 14.2
  • Using a shared database for storing the tokens, which we implemented in section 14.3
  • Using cryptographic signatures, which we’ll discuss in this chapter

Using cryptographic signatures to validate tokens has the advantage of allowing the resource server to validate them without needing to call the authorization server directly and without needing a shared database. This approach to implementing token validation is commonly used in systems implementing authentication and authorization with OAuth 2. For this reason, you need to know this way of implementing token validation. We’ll write an example for this method as we did for the other two methods in chapter 14.

15.1 Using tokens signed with symmetric keys with JWT

 
 

15.1.1 Using JWTs

 
 
 

15.1.2 Implementing an authorization server to issue JWTs

 
 
 

15.1.3 Implementing a resource server that uses JWT

 
 
 

15.2 Using tokens signed with asymmetric keys with JWT

 
 
 
 

15.2.1 Generating the key pair

 
 
 
 

15.2.2 Implementing an authorization server that uses private keys

 
 
 

15.2.3 Implementing a resource server that uses public keys

 

15.2.4 Using an endpoint to expose the public key

 
 
 

15.3 Adding custom details to the JWT

 

15.3.1 Configuring the authorization server to add custom details to tokens

 

15.3.2 Configuring the resource server to read the custom details of a JWT

 
 
 
 
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest